Bug 13112

Summary: libzip causes crashes in php-zip
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: Normal CC: mageia, shlomif, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/593611/
Whiteboard: MGA4-64-OK mga4-32-ok advisory has_procedure
Source RPM: libzip-0.11.1-2.mga4.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 13050    

Description David Walser 2014-03-28 16:49:21 CET 
The exact problem I was seeing was backing up a course in Moodle, it would crash halfway through performing the backup, causing httpd to segfault.

Upgrading libzip fixes this problem.

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
----------------------------------------

The libzip library has been updated to version 0.11.2, which fixes crashes
that affected php-zip and possibly other users of the library.

References:
http://www.nih.at/listarchive/libzip-discuss/msg00417.html
----------------------------------------
Updated packages in core/updates_testing:
----------------------------------------
libzip-0.11.2-1.mga4
libzip2-0.11.2-1.mga4
libzip-devel-0.11.2-1.mga4

from libzip-0.11.2-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2014-04-04 18:53:32 CEST

Blocks: (none) => 13050

Comment 1 David Walser 2014-04-04 18:55:06 CEST 
There's a simple PoC on Bug 13050:
<?php
$za = new ZipArchive();
$flags = ZIPARCHIVE::CREATE;
$result = $za->open("/tmp/test.zip", $flags);
var_dump($result);
$za->addEmptyDir('activities/');
?>

Save that in a file called ziptest.php, install php-zip and php-cli, and run it as "php ziptest.php"

It should segfault before the libzip update, and not segfault after it.

I've confirmed the PoC is fixed on Mageia 4 i586.
Comment 2 Shlomi Fish 2014-04-04 19:21:40 CEST 
PoC is fixed on Mageia 4 x86-64 (in a VBox VM). It was broken before the upgrade.

CC: (none) => shlomif
Whiteboard: (none) => MGA4-64-OK has_procedure

Comment 3 David Walser 2014-04-04 19:29:26 CEST 
Thanks Shlomi!  Since I've confirmed the fix on i586 with both Moodle and the script in Comment 1, this could be validated.
Comment 4 Shlomi Fish 2014-04-04 19:35:57 CEST 
PoC exploit segfaults on a Mageia 4 i586 VM before the update and is fixed on it after the update. Marking as MGA4-32-OK .
Comment 5 Shlomi Fish 2014-04-04 19:36:43 CEST 
Marking now.

Whiteboard: MGA4-64-OK has_procedure => MGA4-64-OK has_procedure MGA4-32-OK

Comment 6 claire robinson 2014-04-04 19:38:11 CEST 
Advisory uploaded. Validating.

Could sysadmin please push to 4 updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK has_procedure MGA4-32-OK => MGA4-64-OK mga4-32-ok advisory has_procedure
CC: (none) => sysadmin-bugs

Comment 7 Damien Lallement 2014-04-04 19:55:45 CEST 
http://advisories.mageia.org/MGASA-2014-0164.html

Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED

David Walser 2014-04-07 23:14:55 CEST

URL: (none) => http://lwn.net/Vulnerabilities/593611/